hngopher.com

       [HN Gopher] Infinitely nested iframes
       ___________________________________________________________________
        
       Infinitely nested iframes
        
       Author : andai
       Score  : 36 points
       Date   : 2021-02-11 16:57 UTC (1 days ago)
        
 (HTM) web link (ciphrd.com)
 (TXT) w3m dump (ciphrd.com)
        
       | bransonf wrote:
       | This SO thread [0] on the subject is interesting as well. I
       | suspect this really has no harmful consequences, most browsers
       | have a max iframe depth, although I don't know how it varies.
       | 
       | [0] https://stackoverflow.com/questions/14223628/why-does-a-
       | self...
        
         | tylerhou wrote:
         | I can "crash" a tab by running an infinite JS loop, or sending
         | a bunch of data. Crashing doesn't seem like a big deal.
        
       | roywiggins wrote:
       | This is delightful, I love it.
        
       | lopatin wrote:
       | I found myself asking "why" at first. Then remembered we're on
       | HN, and "why not" would be a sufficient answer. Well done!
        
       | anotheryou wrote:
       | No live demo? or did i skim too badly :) ?
        
         | zingplex wrote:
         | That's a shame. I was interested in seeing how different
         | browser engines handled it.
        
         | banana_giraffe wrote:
         | I wanted to see it locally, so I threw this together:
         | #!/usr/bin/env python3         from flask import Flask
         | app = Flask(__name__)         @app.route('/')         def
         | hello():             return world("0")
         | @app.route('/<depth>')         def world(depth):
         | return f"""         <head><title>iframe loop</title></head>
         | <body><h1>iframe loop</h1>         <iframe width="800"
         | height="600" src="/{int(depth)+1}"></iframe>
         | </body></html>             """         if __name__ ==
         | '__main__':             app.run()
         | 
         | I put the Chrome tab out of it's misery after 250 frames, it
         | was really chugging along.
        
       | kokanee wrote:
       | I wonder how this method of turning one legitimate request into
       | infinite requests could be used or abused for real world
       | purposes. CPC fraud? DOS attacks? CPU drain? There's no reason
       | that the iframe needs to be visible in the page at all.
        
       | jbob2000 wrote:
       | This happens all the time to my app. Our marketing team littered
       | iframes all over our app, but they constantly push broken URLs
       | for the iframe src. So what happens is the iframe defaults to
       | loading the parent frame, which then loads iframes, which fail to
       | load and again load the parent. Repeat.
       | 
       |  _Ahhh, enterprise software development..._
        
         | irrational wrote:
         | I work on enterprise software and in my experience what you are
         | describing is not normal. It sounds more like amateur software
         | development masquerading as enterprise software development.
        
       ___________________________________________________________________
       (page generated 2021-02-12 23:01 UTC)